Nick Mathewson 4812441d34 Never read off the end of a buffer in base32_encode()
When we "fixed" #18280 in 4e4a7d2b0c
in 0291 it appears that we introduced a bug: The base32_encode
function can read off the end of the input buffer, if the input
buffer size modulo 5 is not equal to 0 or 3.

This is not completely horrible, for two reasons:
   * The extra bits that are read are never actually used: so this
     is only a crash when asan is enabled, in the worst case.  Not a
     data leak.

   * The input sizes passed to base32_encode are only ever multiples
      of 5. They are all either DIGEST_LEN (20), REND_SERVICE_ID_LEN
      (10), sizeof(rand_bytes) in addressmap.c (10), or an input in
      crypto.c that is forced to a multiple of 5.

So this bug can't actually trigger in today's Tor.

Closes bug 21894; bugfix on 0.2.9.1-alpha.
2017-04-07 10:47:16 -04:00
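The length pattern in the commit message above can be reproduced with a small model. This is an added example, not Tor's code and not part of this commit: it pairs a base32 encoder that guards the index it dereferences with a read-free model of a bit-count guard. The function names, the lowercase unpadded RFC 4648 alphabet, and the `bit + 5 < nbits` guard are assumptions, the last chosen because it yields the "modulo 5 is not 0 or 3" behaviour the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: lowercase RFC 4648 base32 alphabet, no '=' padding. */
static const char B32_CHARS[] = "abcdefghijklmnopqrstuvwxyz234567";

/* Hypothetical helper. Encodes srclen bytes; dest must hold
 * (srclen * 8 + 4) / 5 + 1 bytes. Returns the characters written. */
size_t b32_encode_checked(char *dest, const uint8_t *src, size_t srclen)
{
  size_t nbits = srclen * 8, bit, i;
  for (i = 0, bit = 0; bit < nbits; ++i, bit += 5) {
    size_t idx = bit / 8;
    /* 16-bit window starting at src[idx], zero-padded at the end. */
    unsigned v = (unsigned)src[idx] << 8;
    if (idx + 1 < srclen)   /* guard the index that is dereferenced */
      v |= src[idx + 1];
    dest[i] = B32_CHARS[(v >> (11 - bit % 8)) & 0x1F];
  }
  dest[i] = '\0';
  return i;
}

/* Model only, performs no reads. Returns 1 if guarding the second-byte
 * read with the assumed bit-count test (bit + 5 < nbits) would let the
 * encoder index src[srclen], one byte past the input. */
int bitcount_guard_overreads(size_t srclen)
{
  size_t nbits = srclen * 8, bit;
  for (bit = 0; bit < nbits; bit += 5)
    if (bit + 5 < nbits && bit / 8 + 1 >= srclen)
      return 1;
  return 0;
}

int main(void)
{
  char out[16];
  size_t n;
  b32_encode_checked(out, (const uint8_t *)"foob", 4);  /* constructed input */
  printf("foob -> %s\n", out);
  for (n = 0; n <= 10; ++n)
    printf("len %2zu (mod 5 = %zu): %s\n", n, n % 5,
           bitcount_guard_overreads(n) ? "over-read" : "ok");
  return 0;
}
```

Building the encoder with `-fsanitize=address` and feeding it exactly-sized heap buffers of lengths 1 through 10 is a direct way to confirm that the index guard never touches `src[srclen]`.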
changes Never read off the end of a buffer in base32_encode() 2017-04-07 10:47:16 -04:00
contrib Bump to 0.2.9.10-dev 2017-03-01 08:18:54 -05:00
doc Fix grammar in HiddenServiceSingleHopMode description 2016-11-14 10:28:02 -05:00
m4 Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS 2016-06-17 10:17:44 -04:00
scripts fix crash in lintChanges.py 2016-09-22 08:33:09 -04:00
src Never read off the end of a buffer in base32_encode() 2017-04-07 10:47:16 -04:00
.gitignore Add TAGS to gitignore. 2016-10-03 14:08:50 -04:00
acinclude.m4 Resolve some warnings from OSX clang. 2016-06-11 10:11:53 -04:00
autogen.sh Use a nicely written autoconf macro to determine the sign of a type 2013-02-07 16:23:48 -05:00
ChangeLog Bump master to 0.2.9.4-alpha-dev 2016-10-17 16:31:40 -04:00
configure.ac Bump to 0.2.9.10-dev 2017-03-01 08:18:54 -05:00
Doxyfile.in Use output variables instead of relative paths. 2015-03-14 13:00:04 -04:00
INSTALL Small fixes for the 2702 implementation 2011-04-02 12:15:08 +02:00
LICENSE Add __mulodi4 source to src/ext 2016-05-18 09:44:01 -04:00
Makefile.am Teach 'make tags' about MOCK_IMPL. 2016-10-03 13:58:09 -04:00
Makefile.nmake Clean up the MVSC nmake files so they work again. 2014-09-09 10:27:05 -04:00
README Move hacking documentation into a new subdirectory. 2015-10-09 10:40:53 -04:00
ReleaseNotes release-notes for 0.2.8.9 2016-10-17 15:00:58 -04:00

Tor protects your privacy on the internet by hiding the connection
between your Internet address and the services you use. We believe Tor
is reasonably secure, but please ensure you read the instructions and
configure it properly.

To build Tor from source:
        ./configure && make && make install

To build Tor from a just-cloned git repository:
        sh autogen.sh && ./configure && make && make install

Home page:
        https://www.torproject.org/

Download new versions:
        https://www.torproject.org/download/download.html

Documentation, including links to installation and setup instructions:
        https://www.torproject.org/docs/documentation.html

Making applications work with Tor:
        https://wiki.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

Frequently Asked Questions:
        https://www.torproject.org/docs/faq.html


To get started working on Tor development:
        See the doc/HACKING directory.